I need to lock down a TS server running QuickBooks. I created the GPO and applied it to an OU called Secure QuickBooks Servers. Within the GPO I defined the required setting including Loopback Processing. The problem I am having is that I have only the QB server computer object in the OU. I also created 2 test accounts for verification. I also have a group call QuickBooks Users which I use for security filtering on the GPO; I have removed the Authenticated Users group. The GPO will not apply without me adding the test user accounts to the Secure QuickBooks Servers OU which is not an option given that the Policy will then be applied to the user desktops as well ( I think). Is there a way for me to apply the Secure Terminal Server GPO only to the users logging on to the QuickBooks Server, without affecting the administrator or the users desktop environments?
Thank you in advance!